Tracking down the data thieves

Commercial reality
The answer is that, unlike hacker products, which are usually spread to a system by viruses or Trojans and can be detected and dealt with by anti-virus products, keyloggers inhabit a different part of the computing ecology, with a sort of ‘protected species status’.

In other words, some anti-virus and security product manufacturers are afraid of legal action from the creators of keylogging software, and so don’t report their products as malware.

That’s due in part to the fact that, while a virus or Trojan has only malicious uses, keyloggers are often sold with the claim that they can help you monitor what your spouse, children or employees are doing with a computer.

Spying on people in this way may not be ethical, but in many parts of the world it’s entirely legal, putting spyware and anti-virus authors in an awkward position if they were to label keylogging programs as malicious.

So, if you want to be sure your computer is clean and not being monitored, you can’t rely on your usual security tools. You’ll need, instead, to use some more specialised techniques.

How they work
Before looking at how to remove them, it’s helpful to understand a little about how these programs work. From a technical point of view, a keylogger is an arrangement for capturing and recording keyboard input.

Everything you type on your keyboard is captured and saved, usually in such a way that you can’t get at the captured data. There are both software and hardware keyloggers; the latter are physical devices that sit between the keyboard and the PC.

Software keyloggers typically hook themselves into the system at a low level, often masquerading as device drivers and intercepting system calls, so they have access to everything typed on the keyboard.

They may even capture the screen and mouse movements to help subvert attempts at security using dropdown forms on websites, or on-screen keyboards. And they can be hidden with innocent-looking software.

Hardware logging
While most keyloggers are software based, and they’re the type users will likely encounter, it’s worth bearing in mind that for less than £40 you can buy a hardware keylogger that can’t be detected by any security utility.

It’s very easy to install; you simply put the keylogger between the target computer’s PS/2 keyboard socket and the keyboard plug. In a best-case scenario this will allow you to capture more than 250,000 keystrokes.